Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-06-30 16:41:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch to certbot-dns-duckdns

Browse Source
This commit is contained in:
Eric Nemchik 2022-10-06 18:08:20 +00:00
parent 3fb6e3f54d
commit 53db9755b2
8 changed files with 32 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \ certbot-dns-dnspod \
certbot-dns-do \ certbot-dns-do \
certbot-dns-domeneshop \ certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \ certbot-dns-dynu \
certbot-dns-gehirn \ certbot-dns-gehirn \
certbot-dns-godaddy \ certbot-dns-godaddy \

1
Dockerfile.aarch64
View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \ certbot-dns-dnspod \
certbot-dns-do \ certbot-dns-do \
certbot-dns-domeneshop \ certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \ certbot-dns-dynu \
certbot-dns-gehirn \ certbot-dns-gehirn \
certbot-dns-godaddy \ certbot-dns-godaddy \

1
Dockerfile.armhf
View File

@ -116,6 +116,7 @@ RUN \
certbot-dns-dnspod \ certbot-dns-dnspod \
certbot-dns-do \ certbot-dns-do \
certbot-dns-domeneshop \ certbot-dns-domeneshop \
certbot-dns-duckdns \
certbot-dns-dynu \ certbot-dns-dynu \
certbot-dns-gehirn \ certbot-dns-gehirn \
certbot-dns-godaddy \ certbot-dns-godaddy \

2
README.md
View File

@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic. * **06.10.22:** - Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
* **05.10.22:** - Use certbot file hooks instead of command line hooks * **05.10.22:** - Use certbot file hooks instead of command line hooks
* **04.10.22:** - Add godaddy and porkbun dns plugins. * **04.10.22:** - Add godaddy and porkbun dns plugins.
* **03.10.22:** - Add default_server back to default site conf's https listen. * **03.10.22:** - Add default_server back to default site conf's https listen.

2
readme-vars.yml
View File

@ -156,7 +156,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog # changelog
changelogs: changelogs:
- { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." } - { date: "06.10.22:", desc: "Switch to certbot-dns-duckdns. Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
- { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" } - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
- { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." } - { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }
- { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." } - { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." }

8
root/app/duckdns-txt
View File

@ -1,8 +0,0 @@
#!/bin/bash
. /config/.donoteditthisfile.conf
curl https://www.duckdns.org/update?domains=${CERTBOT_DOMAIN}\&token=${ORIGDUCKDNSTOKEN}\&txt=${CERTBOT_VALIDATION}
echo "sleeping 60"
sleep 60

3
root/defaults/dns-conf/duckdns.ini Normal file
View File

@ -0,0 +1,3 @@
# Instructions: https://github.com/infinityofspace/certbot_dns_duckdns#credentials-file-or-cli-parameters
# Replace with your API token from your duckdns account.
dns_duckdns_token=<your-duckdns-token>

42
root/etc/cont-init.d/50-certbot
View File

@ -23,7 +23,7 @@ for i in "${SANED_VARS[@]}"; do
done done
# check to make sure DNSPLUGIN is selected if dns validation is used # check to make sure DNSPLUGIN is selected if dns validation is used
if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then if [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(acmedns|aliyun|azure|cloudflare|cloudxns|cpanel|desec|digitalocean|directadmin|dnsimple|dnsmadeeasy|dnspod|do|domeneshop|duckdns|dynu|gandi|gehirn|godaddy|google|he|hetzner|infomaniak|inwx|ionos|linode|loopia|luadns|netcup|njalla|nsone|ovh|porkbun|rfc2136|route53|sakuracloud|standalone|transip|vultr)$ ]]; then
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details."
sleep infinity sleep infinity
fi fi
@ -50,7 +50,7 @@ if [ -f "/config/donoteditthisfile.conf" ]; then
mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf mv /config/donoteditthisfile.conf /config/.donoteditthisfile.conf
fi fi
if [ ! -f "/config/.donoteditthisfile.conf" ]; then if [ ! -f "/config/.donoteditthisfile.conf" ]; then
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
echo "Created .donoteditthisfile.conf" echo "Created .donoteditthisfile.conf"
fi fi
@ -64,6 +64,25 @@ if [ -z "$VALIDATION" ]; then
echo "VALIDATION parameter not set; setting it to http" echo "VALIDATION parameter not set; setting it to http"
fi fi
# set duckdns validation to dns
if [ "$VALIDATION" = "duckdns" ]; then
VALIDATION="dns"
DNSPLUGIN="duckdns"
if [ -n "$DUCKDNSTOKEN" ] && ! grep -q "dns_duckdns_token=${DUCKDNSTOKEN}$" /config/dns-conf/duckdns.ini;then
sed -i "s|^dns_duckdns_token=.*|dns_duckdns_token=${DUCKDNSTOKEN}|g" /config/dns-conf/duckdns.ini
fi
fi
if [ "$VALIDATION" = "dns" ] && [ "$DNSPLUGIN" = "duckdns" ]; then
if [ "$SUBDOMAINS" = "wildcard" ]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export ONLY_SUBDOMAINS=true
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export SUBDOMAINS=""
fi
export EXTRA_DOMAINS=""
fi
# if zerossl is selected or staging is set to true, use the relevant server # if zerossl is selected or staging is set to true, use the relevant server
if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
echo "ZeroSSL does not support staging mode, ignoring STAGING variable" echo "ZeroSSL does not support staging mode, ignoring STAGING variable"
@ -142,7 +161,7 @@ if [ "$VALIDATION" = "dns" ]; then
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|duckdns|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
@ -159,17 +178,6 @@ if [ "$VALIDATION" = "dns" ]; then
elif [ "$VALIDATION" = "tls-sni" ]; then elif [ "$VALIDATION" = "tls-sni" ]; then
PREFCHAL="--standalone --preferred-challenges http" PREFCHAL="--standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead" echo "*****tls-sni validation has been deprecated, attempting http validation instead"
elif [ "$VALIDATION" = "duckdns" ]; then
PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
chmod +x /app/duckdns-txt
echo "duckdns validation is selected"
if [ "$SUBDOMAINS" = "wildcard" ]; then
echo "the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org"
export URL_REAL="-d *.${URL}"
else
echo "the resulting certificate will only cover the main domain due to a limitation of duckdns, ie. subdomain.duckdns.org"
export URL_REAL="-d ${URL}"
fi
else else
PREFCHAL="--standalone --preferred-challenges http" PREFCHAL="--standalone --preferred-challenges http"
echo "http validation is selected" echo "http validation is selected"
@ -189,7 +197,7 @@ rm -rf /config/keys/cert.key
ln -s ./letsencrypt/privkey.pem /config/keys/cert.key ln -s ./letsencrypt/privkey.pem /config/keys/cert.key
# checking for changes in cert variables, revoking certs if necessary # checking for changes in cert variables, revoking certs if necessary
if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$DUCKDNSTOKEN" = "$ORIGDUCKDNSTOKEN" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "$ONLY_SUBDOMAINS" = "$ORIGONLY_SUBDOMAINS" ] || [ ! "$EXTRA_DOMAINS" = "$ORIGEXTRA_DOMAINS" ] || [ ! "$VALIDATION" = "$ORIGVALIDATION" ] || [ ! "$DNSPLUGIN" = "$ORIGDNSPLUGIN" ] || [ ! "$PROPAGATION" = "$ORIGPROPAGATION" ] || [ ! "$STAGING" = "$ORIGSTAGING" ] || [ ! "$CERTPROVIDER" = "$ORIGCERTPROVIDER" ]; then
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then if [ "$ORIGONLY_SUBDOMAINS" = "true" ] && [ ! "$ORIGSUBDOMAINS" = "wildcard" ]; then
ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}" ORIGDOMAIN="$(echo "$ORIGSUBDOMAINS" | tr ',' ' ' | awk '{print $1}').${ORIGURL}"
@ -217,7 +225,7 @@ if [ ! "$URL" = "$ORIGURL" ] || [ ! "$SUBDOMAINS" = "$ORIGSUBDOMAINS" ] || [ ! "
fi fi
# saving new variables # saving new variables
echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGPROPAGATION=\"$PROPAGATION\" ORIGSTAGING=\"$STAGING\" ORIGCERTPROVIDER=\"$CERTPROVIDER\" ORIGEMAIL=\"$EMAIL\"" >/config/.donoteditthisfile.conf
# alter extension for error message # alter extension for error message
if [ "$DNSPLUGIN" = "google" ]; then if [ "$DNSPLUGIN" = "google" ]; then
@ -255,8 +263,6 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
if [ ! -d /config/keys/letsencrypt ]; then if [ ! -d /config/keys/letsencrypt ]; then
if [ "$VALIDATION" = "dns" ]; then if [ "$VALIDATION" = "dns" ]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file." echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
elif [ "$VALIDATION" = "duckdns" ]; then
echo "ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct."
else else
echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container" echo "ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container"
fi fi